Step by Step Instructions

Deploying the VMware vRealize Orchestrator Appliance

Note: For anyone who has deployed an OVF/OVA before (such as the vRealize Automation Identity Appliance or the vRealize Automation Appliance) the steps will look very familiar!

Within the VMware vSphere Web Client, right click and select Deploy OVF Template.

Click Browse, navigate to the location of the vRealize Orchestrator OVA, select it and then click Open and then click Next.

Enter the vRealize Orchestrator Appliance name into the the Name text field and then select the Datacentre or folder location to deploy the Appliance.

Click Next.

Select the appropriate cluster, host or resource pool and then click Next.

Click Next.

Click Accept and then Next.

Select the appropriate storage format and location and then click Next.

Choose the correct Port Group from the Destination Network dropdown and click Next.

Check the Enable SSH service in the appliance checkbox (this can be disabled later), enter the FQDN of the Identity Appliance into the Hostname text field, enter (then confirm) the vRO Configuration password in the Enter password and Confirm password text boxes and then enter (then confirm) the root password in the Enter password and Confirm password text boxes.

Click on Networking Properties to expand the options and scroll down to expose the new fields to complete.

Enter the Gateway IP Address into the Default Gateway text box, enter the domain into the Domain Name text box, enter the IP Address(es) of the DNS Server(s) into the DNS text box, enter the Appliance IP Address into the Network 1 IP Address text field and finally add the Netmask into the Network 1 Netmask text field.

Import the vRealize Automation vRO Plugin

Enter vmware into the Username text box and enter the password configured as part of the deployment process into the Password text box and then click Login.

Click Plug-ins.

Click Upload and install then navigate to the plugin and click Open.

Click I accept the terms of the License Agreement.

Click Apply Changes.

Click Startup Options.

Click Restart Service.

Note: If you have more than one vRO node you will need to install the same plugins on each node.

Run the Add vCAC host Workflow

As part of the configuration of vRO to use the vRA Component Registry, a vCAC host for the Default Tenant would have already been added. This is using Per User Session authentication (which is where the currently logged in user credentials are used to run any workflows against the tenant). If you want to use Shared Session authentication (which is where a nominated “service” account runs all workflows for that vCAC host) then we need to add the vCAC host again for each Tenant.

Open the vRealize Orchestrator Client.

Enter the FQDN of the vRO Appliance into the Host Name (https://vro-appliance.fqdn:8281) text box, enter the credentials of a user with vRO Admin rights into the User name and Password text box and click Login.

Note: As part of the component registry workflow above we configured an AD Group to be the VRO Admins.

Enter a unique identifier into the Host Name text box, the vRealize Orchestrator FQDN (either VIP for clustered or appliance for simple) into the Host URL text box, select Yes for Automatically install SSL certificates option.

Click Next.

Ensure that Share Session is selected from the Session mode drop down, enter the name of the Tenant into the Tenant text box, along with the authentication username of and the password into their respective text boxes.

Click Submit.

To confirm this has worked, click Inventory and then expand vCloud Automation Center and select the vCAC host you have just added to check it is Shared Session authentication.

These steps should be completed for all Tenants.

Run the Add the IaaS host of a vCAC host Workflow

Open the vRealize Orchestrator Client.

Enter the FQDN of the vRO Appliance into the Host Name (https://vro-appliance.fqdn:8281) text box, enter the credentials of a user with vRO Admin rights into the User name and Password text box and click Login.

Note: As part of the component registry workflow above we configured an AD Group to be the VRO Admins.

Select Shared Session from the Session mode drop down, enter the user name and password of a user with Administrative privileges to the IaaS Manager Service.

Note: Do not use username@domain or domian\username notation, just enter the username. In my homelab, I’m a vRO Service Account I have created.

Click Next.

Update the Domain for NTLM authentication text box to reflect the NETBIOS name of the domain for the previously specified user.

Click Submit.

Run the Install vCO customizations Workflow.

Open the vRealize Orchestrator Client.

Enter the FQDN of the vRO Appliance into the Host Name (https://vro-appliance.fqdn:8281) text box, enter the credentials of a user with vRO Admin rights into the User name and Password text box and click Login.

Note: As part of the component registry workflow above we configured an AD Group to be the VRO Admins.

Select which lifecycle stages you want to be able to add custom logic to (or leave as default = all selected), click Next.

Enter 1 into the Number of menu operations and their workflows text box and click Submit.

Configure vRealize Automation to use an External Orchestrator

In this section we’ll be configuring the external vRealize Orchestrator Appliance as the system wide Orchestrator instance. If the embedded Orchestrator is configured you can also decide to leave that for the Default Tenant and override that configuration on a Tenant by Tenant basis.

Log into the VMware vRealize Automation Default Tenant as the System Administrator (administrator@vsphere.local).

Click Orchestrator Configuration > Server Configuration.

Select Use an external Orchestrator server option.

Enter a name for this Orchestrator instance into the Name text box, enter the FQDN of the vRealize Orchestrator into the Host text box, enter 8281 (default port) into the Port text box and then click Test Connection.

Click Update.

At the Delete Endpoints dialog, click OK.

Note: If needed you can also change the default folder for Orchestrator workflows by clicking Default Orchestrator Folder and changing the folder for each tenant.

Create an Orchestrator Endpoint in vRealize Automation

Log into the VMware vRealize Automation Default Tenant as the Infrastructure Administrator.

Click Infrastructure > Endpoints > Endpoints

Click New Endpoint > Orchestration > vCenter Orchestrator

Enter a name for the new Orchestrator Endpoint into the Name text box, enter https://vro-appliance.fqdn:8281/vco into the Address text box and then click …

Click New Credentials.

Enter the friendly name for the credentials into the Name text box, the username (in name@domain format) into the User Name text box and the password into the Password text box and click Save.

Note: The credentials you use should have Execute permissions for any vRealize Orchestrator workflows to call from IaaS.

Click OK.

Add the VMware.VCenterOrchestrator.Priority custom property with a priority of 1 (or whatever priority you wish to give) and click Save.